Ask the Experts

Ask the Experts

• Best practices for IDS creation and signature database maintenance

  Mike Chapple offers an alternative to creating an intrusion detection system as well as advice on maintaining a signature database.  Continue Reading

• How to hide system information from network scanning software

  Network scanning software is capable of obtaining sensitive system information. Mike Chappel explains how implementing various firewalls can stop intrusive software in its tracks.  Continue Reading

• What are the top five concepts or lessons on security management?

  Many security managers wish their company executives understood more about the importance of information security. Security management expert Mike Rothman lists the top five things every executive should be informed of.  Continue Reading

• Is a Master Boot Record (MBR) rootkit completely invisible to the OS?

  Whether or not we see widespread attacks that use MBR rootkits will depend upon two factors. Platform security expert Michael Cobb explains them both.  Continue Reading

• Can a hacker actually post malicious scripts to any server using a drop-down list?

  By viewing a page's HTML source code and writing malicious scripts to a drop-down list, hackers may be able to re-post the malicous page to the server. In this security threats expert response, learn how to avoid this attack.  Continue Reading

• What are the pros and cons of zero-knowledge penetration tests?

  A penetration tester with no previous knowledge of the site being tested may be able to give some insight unavailable to other forms of penetration testing, but there are pros and cons. Expert Michael Cobb weighs in.  Continue Reading

• To what exactly would a request for biometric data from an insurance provider pertain?

  Biometric data serves only to verify identity. Identity and expert management expert Joel Dubin explains what an insurance company might want with biometric data.  Continue Reading

• What tools can a hacker use to crack a laptop password?

  Password cracking may be a hacker's specialty, but there are also many strategies to keep passwords secure.  Continue Reading

• Are Internet cafe users' email credentials at risk?

  Most browsers store all Web pages, including a user's message and other information, in a cache from which it is retrievable with relative ease. Expert Michael Cobb explains how to keep the personal data from getting into the wrong hands.  Continue Reading

• Should iPhone email be sent without SSL encryption?

  SSL encrypts all of the communication between your iPhone and your mail server. Network security expert Mike Chapple explains how important that feature really is.  Continue Reading

• What are the possible benefits of microchip implants and RFID tags for employees?

  Though it may seem like a good idea to mark employees in high risk areas with implants or RFID tags, there are some serious security concerns to take into account.  Continue Reading

• Which is a more secure data access technology: SPAN or TAP?

  When monitoring traffic on a network, which is the best tool to use? Network security expert Mike Chapple gives advice.  Continue Reading

• Which operating system can best secure an FTP site?

  In this expert Q&A, platform security expert Michael Cobb explains how a secure FTP protocol can improve websites and Web services.  Continue Reading

• Should a domain controller be placed within the DMZ?

  When creating an Active Directory network, is it necessary to place domain controllers in the DMZ? Network security expert Mike Chapple explains.  Continue Reading

• What are the dangers of cross-site request forgery attacks (CSRF)?

  Ed Skoudis defines the threats posed by cross-site request forgery attacks (CSRF), and explains how they are similar and different from cross-site scripting attacks.  Continue Reading

• What ports should be opened and closed when IPsec filters are used?

  In this SearchSecurity.com Q&A, application security expert Michael Cobb explains how to set up separate branch IPsec filters that connect with a head office.  Continue Reading

• Is Triple DES a more secure encryption scheme than DUKPT?

  Both DES and TDES use a symmetric key, but Michael Cobb explains their separate and distinct roles in protecting financial transactions.  Continue Reading

• If one server in a DMZ network gets attacked from outside, will the other servers be corrupted?

  An attack to a DMZ server is a big security risk. But does it necessarily mean that other servers are infected? Network security expert Mike Chapple weighs in.  Continue Reading

• What is the purpose of RFID identification?

  RFID identification can be used to keep track of everything from credit cards to livestock. But what security risks are involved?  Continue Reading

• How to secure an FTP connection

  Network security expert Mike Chapple offers three tips that enable an FTP connection without opening up an enterprise to security risks.  Continue Reading

• DMVPN configuration: Should a firewall be between router and Internet?

  Cisco's Dynamic Multipoint VPN (DMVPN) product allows the configuration of site-to-site VPNs across WAN connections. Security expert Mike Chapple explains how a firewall fits into this particular network setup.  Continue Reading

• Two-tier distributed systems vs. three-tier distributed systems

  Mike Rothman discusses the pros and cons of using two-tier distribution systems vs. thee-tier distributed systems.  Continue Reading

• Is centralized logging worth all the effort?

  Network log records play an extremely important role in any well-constructed security program. Expert Mike Chapple explains how to implement a centralized logging infrastructure.  Continue Reading

• What are the pros and cons of shaping P2P packets?

  Packet shaping, a technique used to control computer network traffic, really isn't a security issue; it's a policy matter, says network expert Mike Chapple. Learn why, in this SearchSecurity.com Q&A.  Continue Reading

• Does SOX provision email archiving?

  Although SOX may lack specificity regarding certain controls, it does have clear mandates for email retention.  Continue Reading

• How would you meet PCI requirement 2.3 when it comes to terminal service or RDP sessions?

  What's the best way to comply with PCI DSS without having to create a secure IPsec tunnel with every connection to critical systems? Security management expert Mike Rothman gives his advice.  Continue Reading

• What techniques are being used to hack smart cards?

  Hacked smart cards are a large potential threat to enterprises that utilize them. Learn how to thwart smart card hackers.  Continue Reading

• How secure is online banking today?

  Most banks take the security of their online services seriously. In this expert Q&A, Michael Cobb explains why online banking is relatively safe -- with the exception of one particular mistake.  Continue Reading

• How to protect DNS servers

  The DNS database is the world's largest distributed database, but unfortunately, DNS was not designed with security in mind. Application security expert Michael Cobb explains how to keep a DNS server from being hijacked.  Continue Reading

• How should the ipseccmd.exe tool be used in Windows Vista?

  Ipseccmd is a command-line tool for displaying and managing IPsec policy and filtering rules. Expert Michael Cobb explains how to get the scripting utility to work with Vista.  Continue Reading

• Are encrypted Microsoft Word files safer in transit than PDF files?

  In this expert Q&A, Michael Cobb demonstrates how a misconfigured firewall makes it easy for some Microsft Word and PDF files to be sniffed in transit.  Continue Reading

• How would you define the responsibilities of a data custodian in a bank?

  Data security is incredibly important for financial institutions, and it's the data custodian's job to make sure that data is safe. Security management expert Mike Rothman explains more.  Continue Reading

• Can Trojans and other malware exploit split-tunnel VPNs?

  The beauty of split tunneling is that an enterprise doesn't need to provide the general Internet access point for a VPN user. Mike Chapple, however, also explains why split-tunnel VPNs provide a false sense of security.  Continue Reading

• Can a firewall alone effectively block port-scanning activity?

  In this expert response, Mike Chapple reveals which product is the best line of defense against port scanning threats.  Continue Reading

• Should an intrusion detection system (IDS) be written using Java?

  There's no reason that you couldn't implement intrusion detection functionality in any higher-level programming language, Java included. Network security expert Mike Chapple, however, explains why Java may not be the best choice.  Continue Reading

• What are the risks of connecting a Web service to an external system via SSL?

  Security pro Joel Dubin discusses the risks associated with SSL connections, and offers advice on how to avoid them.  Continue Reading

• What are the dangers of using radio frequency identification (RFID) tags?

  In this expert response, Joel Dubin discusses the dangers associated with radio frequency identification (RFID) tags, and how users can protect themselves.  Continue Reading

• Biometrics vs. biostatistics

  In this expert response, Joel Dubin examines the differences between biometrics and biostatistics.  Continue Reading

• How to store and secure credit card numbers on the LAN

  How do small companies typically store credit card numbers on their LANs? Joel Dubin comments.  Continue Reading

• Preventing employees from using a proxy to visit blocked sites

  P2P blocking can be difficult; smart blocking tools can help.  Continue Reading

• What software development practices prevent input validation attacks?

  Improper input validation leads to numerous kinds of attacks, including cross-site scripting, SQL injection and command injection. In this expert Q&A, Michael Cobb reviews the most important application development practices.  Continue Reading

• How are biometric signatures more than a fingerprint scanner?

  How secure are biometric signatures, and what's the best way to keep them from being defeated? Identity and access management expert Joel Dubin explains.  Continue Reading

• What can be done to block adult images in search engine results?

  What steps can be taken to ensure that children cannot access pornographic images through Google on their school's internet connection? Mike Rothman explains the options and the inherent difficulties.  Continue Reading

• Open source vs. commercial network access control (NAC) products

  There are now a number of free and open source network access control (NAC) products, but how do they stack up against the commercial options? Network professional Mike Chapple reviews the free alternatives, but also warns readers that a "stepping ...  Continue Reading

• A security checklist: How to build a solid DMZ

  As part of his monthly response to readers, Mike Chapple provides a list of security add-ons that no DMZ should be without.  Continue Reading

• What to consider before opening a port

  Recently, a reader asked network expert Mike Chapple, "What would be the security implications of opening six ports through a firewall?" Chapple reviews what questions need to be addressed before an organization exposes any network ports.  Continue Reading

• How to prevent hack attacks against smart card systems.

  What are smart cards, and how can the security of a smart card itself be maintained?  Continue Reading

• What are the pros and cons of using stand-alone authentication that is not Active Directory-based?

  Password managment tools other than Active Directory are available, though they may not be the best access control coordinators.  Continue Reading

• How can birth certificate fraud and passport fraud be prevented?

  Best practices for preventing birth certificate and passport fraud from expert Mike Rothman.  Continue Reading

• Does Teredo present security risks to the enterprise?

  Teredo allows internal networks to transition to IPv6, interconnecting them through their NAT devices and across the IPv4 Internet. Ed Skoudis explains why this function isn't as innocent as it seems.  Continue Reading

• What security risks do enterprise honeypots pose?

  Honeypots can provide a great deal of insight into an environment's attack activity. However, before implementing them, there are some significant issues that require careful consideration and planning.  Continue Reading

• How effective are phishing links that refer to FTP sites?

  The vast majority of phishing emails still include HTTP links, but there has been a recent smattering that refer to FTP sites. In this SearchSecurity.com Q&A, Ed Skoudis explains how to be ready for the malicious messages.  Continue Reading

• Should a Java Runtime Environment (JRE) be kept up to date?

  Critical security flaws are often discovered in Java Runtime Environment implementations. Unfortunately, most users don't apply any appropriate patches. Ed Skoudis reveals the security risks posed by a vulnerable JRE.  Continue Reading

• How to conduct an efficient and thorough employee access review

  In order to meet HIPAA and SOX compliance requirements, an employee access review is necessary.  Continue Reading

• Will one failed drive corrupt the rest of a RAID-5 array?

  In this expert Q&A, Michael Cobb explains when it is appropriate to keep a RAID-5 array's failed drive online.  Continue Reading

• What security issues can arise from unsynchronized system clocks?

  Network administrators don't always pay enough attention to the issues of system clock accuracy and time synchronization. Michael Cobb explains why that can lead to security problems.  Continue Reading

• What precautions should be taken if biometric data is compromised?

  In this Q&A, Joel Dubin discusses what precautions to take if corporate biometric data is stolen.  Continue Reading

• Is it against HIPAA regulations to display client names?

  Security management expert Mike Rothman discusses the terms of HIPAA, specifically if it is a violation of the act to publicly display client names.  Continue Reading

• Getting started on a career in penetration testing

  In this expert response, Mike Rothman offers insight on how to start a career in penetration testing.  Continue Reading

• What is Spycar?

  Spycar, still available for free, tests a machine against 17 daggressive spyware-like behaviors. Information security threat expert Ed Skoudis explains the tool and gives a preview of Spycar 2.  Continue Reading

• How to prevent hackers from accessing your router security password

  In this Q&A, Joel Dubin unveils the best practices for protecting a router security password from compromise.  Continue Reading

• How does identity propagation work?

  In this expert Q&A, Joel Dubin defines identity propagation and explains how it works.  Continue Reading

• What is the best way to comply with PCI DSS requirements 9 and 10?

  Security management expert Mike Rothman unveils how corporations can get compliant with PCI DSS guidelines, specifically requirements 9 and 10.  Continue Reading

• Comparing proxy servers and packet-filtering firewalls

  In the world of security, judging proxy servers and packet-filtering firewalls together is like comparing apples and oranges. But that won't stop network security expert Mike Chapple from giving such comparisons a try.  Continue Reading

• How can root and administrator privileges of different systems be delegated on one account?

  In this expert response, Joel Dubin discusses how corporations can manage "superuser" accounts by delegating root and administrator privileges.  Continue Reading

• Will FTP ever be a secure way to transfer files?

  A SearchSecurity.com member asks our network security expert Mike Chapple: Is the File Transfer Protocol a secure way to transfer files? As one of his many monthly responses to readers, Chapple reveals a better alternative to FTP.  Continue Reading

• What is the best way to securely change the local administrator password in a domain?

  Identity management and access control expert Joel Dubin unveils how a corporation can change local administrator accounts and passwords on a domain system.  Continue Reading

• Is it a violation of HIPAA to collect consumer Social Security numbers?

  In this expert response, Mike Rothman discusses if collecting consumer SSNs is a HIPAA violation, and unveils how to handle employees that disregard corporate policies.  Continue Reading

• What are the security risks of a corporate divestiture?

  Security management expert Mike Rothman discusses the data protection issues involved with a corporate divestiture .  Continue Reading

• Will enabling Group Policy password settings affect existing user accounts?

  In this expert response, identity management and access control expert Joel Dubin discusses the affect that Active Directory Group Policy password settings can have on user accounts.  Continue Reading

• Are challenge-response technologies the best way to stop spam?

  Challenge-response spam technology intercepts incoming emails and sends a challenge to the sender, asking him or her to confirm the message's validity. Though the antispam mechanism has gained popularity, there may be more secure alternatives, says ...  Continue Reading

• How to test an e-commerce Web site's security and privacy defenses

  Assessing the security of e-commerce sites means checking up on their associated servers, databases and applications. In this expert response, Michael Cobb explains where to start.  Continue Reading

• Is it possible to identify a fake wireless access point?

  A network's identity is easy to fake. If you're looking for proof of a valid access point, Mike Chapple reveals some secure wireless options.  Continue Reading

• Using fingerprint door locks in a network environment

  Identity management and access control expert Joel Dubin discusses fingerprint door lock technology, and unveils whether or not they can be controlled through a network.  Continue Reading

• Why does Skype connect to so many servers?

  Skype is a peer-to-peer service that uses a distributed network of "supernodes" to facilitate communication throughout the world. But is it safe to have so many "volunteer" connections? Mike Chapple explains.  Continue Reading

• Traditional single sign-on (SSO) products versus federated identities

  Identity management and access control expert Joel Dubin discusses the pros and cons of single sign-on products and federated identities.  Continue Reading

• What are the dangers of Web-based remote access systems?

  Identity management and access control expert Joel Dubin discusses the security risk associated with using Web-based remote access systems, such as LogMeIn and GoToMyPC.  Continue Reading

• Where did the biometric device come from?

  In this expert Q&A, security expert Joel Dubin discusses the history of the biometric device, more specifically the fingerprint reader and scanner.  Continue Reading

• What are the best bot detection tools?

  Today, antimalware tools can detect hundreds of different bot variants using signature and heuristic techniques, but they aren't perfect. Ed Skoudis reveals some other options.  Continue Reading

• Can fuzzing identify cross-site scripting (XSS) vulnerabilities?

  Fuzzing may find weaknesses in software, but the testing process can't find every flaw. Ed Skoudis explains what other tools are necessary when looking for cross-site scripting vulnerabilities.  Continue Reading

• What is an ideal patch management process for small businesses?

  Patch management and testing can be a time-consuming and resource-hungry task. In this expert response, Michael Cobb demonstrates how to streamline the process.  Continue Reading

• Can Snort stop application-layer attacks?

  Even though Snort can add an important layer of defense for applications, it won't fix the underlying problem of poorly written ones. Michael Cobb reveals a more efficient technique for patching up XSS and SQL injection vulnerabilities.  Continue Reading

• What types of software can help a company perform a security risk assessment?

  Security management expert Mike Rothman unveils what kind of software is on the market to help assist a company in the risk assessment process.  Continue Reading

• Is encrypting cookies a PCI DSS requirement?

  Security management expert Mike Rothman discusses whether or not storing sensitive information in the form of a cookie is considered a violation of PCI DSS.  Continue Reading

• How should sensitive customer data, such as driver's license information, be handled?

  In this Q&A, Identity management and access control expert Joel Dubin discusses how to properly protect the personal data of a driver's license.  Continue Reading

• Choosing from the top PKI products and vendors

  In this expert response, security pro Joel Dubin discusses the best ways to compare PKI products and vendors for enterprise implementation of PKI.  Continue Reading

• Does single sign-on (SSO) improve security?

  In this expert response, security pro Joel Dubin discusses the impact that enterprise single sign-on (SSO) can have on a security program.  Continue Reading

• What are the pros and cons of using keystroke dynamic-based authentication systems?

  In this SearchSecurity.com Q&A, security pro Joel Dubin discusses the positive and negative aspects of using keystroke dynamic-based authentication systems.  Continue Reading

• What mistakes are made when implementing enterprise IAM systems?

  In this SearchSecurity.com Q&A, security expert Joel Dubin unveils the biggest mistakes made by corporations during identity and access management system implementation, and offers advice on how to avoid them.  Continue Reading

• What are the best laptop data encryption options?

  When it comes to protecting laptops and hard drives, there are plenty of choices. In this expert Q&A, Michael Cobb lays out some data protection options. And they're not just software-based, either.  Continue Reading

• How to keep personally identifiable information out of access logs

  Are there products available that can hide the internal IP addresses recorded in log files? Maybe not, but in this expert Q&A, Michael Cobb reveals which tools can prevent the transfer of personally identifiable information to third parties.  Continue Reading

• Can the symmetric encryption algorithm for S/MIME messages be changed?

  Encryption algorithm requirements ensure a base level of interoperability among all S/MIME implementations. Email clients, however, can add additional algorithms, provided they correctly identify which algorithms a particular message uses. Expert ...  Continue Reading

• What are the proper procedures for handling a potential insider threat?

  In this SearchSecuity.com Q&A, Mike Rothman discusses how corporations can avoid insider threats by forming an incident response plan and monitoring employee behavior.  Continue Reading

• How expensive are IPsec VPN setup costs?

  Although IPsec VPN tunnels tend to be fairly low maintenance, their setup and maintenance costs can quickly mount, depending on an enterprise's equipment. In this expert Q&A, Mike Chapple reveals how much enterprises can expect to pay on a new ...  Continue Reading

• What is the relationship between open port range and overall risk?

  Exposing a large number of well-known ports could be a substantial risk, depending upon their nature. In this expert Q&A, Mike Chapple explains why it may be best to narrow down a port range.  Continue Reading

• Will iptables screen UDP traffic?

  UDP is a connectionless protocol that can't be screened using strict stateful inspection. However, most modern firewalls, including iptables, treat UDP in the same manner as a connection-oriented protocol. Mike Chapple explains the process in this ...  Continue Reading

• Will deploying VoIP on an 802.1x network create security problems?

  Voice over IP telephony is beginning to replace traditional PBX in the enterprise. In this expert Q&A, Mike Chapple explains how the popular VoIP technology has its own unique security implications.  Continue Reading

• Should a router be placed between the firewall and DMZ?

  Modern firewalls have the ability to serve as a router, negating the need of another device on a network. There are exceptions to this router rule, however. Network security expert Mike Chapple explains.  Continue Reading

• Defining your security certification objective

  In this SearchSecurity.com Q&A, security management expert Mike Rothman discusses which security certifications, such as CISSP and CISA, comply with specific objectives.  Continue Reading

• How does SSL 'sit' between the network layer and application layer?

  SSL is neither a network layer protocol nor an application layer protocol. In this SearchSecurity.com Q&A, Michael Cobb explains how SSL "sits" between both layers.  Continue Reading